From 984bfce2d9de9eb73e09887b720d219566242398 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 7 Apr 2004 07:20:53 +0000 Subject: r101: added lsa_SetSecret() and lsa_QuerySecret() this required some crypto infrastructure and some sid utilities (This used to be commit 37d0efa9c2af8532536bea88412f0dd3ed39ecfc) --- source4/libcli/auth/session.c | 133 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 source4/libcli/auth/session.c (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c new file mode 100644 index 0000000000..946b0fe62f --- /dev/null +++ b/source4/libcli/auth/session.c 
@@ -0,0 +1,133 @@ +/* + Unix SMB/CIFS implementation. + + code to encrypt/decrypt data using the user session key + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* + encrypt or decrypt a blob of data using the user session key + as used in lsa_SetSecret + + before calling, the out blob must be initialised to be the same size + as the in blob +*/ +void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const uint8 session_key[16], + BOOL forward) +{ + int i, k; + + for (i=0,k=0; + ilength; + i += 8, k += 7) { + uint8 bin[8], bout[8], key[7]; + + memset(bin, 0, 8); + memcpy(bin, &in->data[i], MIN(8, in->length-i)); + + if (k + 7 > 16) { + k = (16 - k); + } + memcpy(key, &session_key[k], 7); + + smbhash(bout, bin, key, forward?1:0); + + memcpy(&out->data[i], bout, MIN(8, in->length-i)); + } +} + + +/* + a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention + + note that we round the length to a multiple of 8. 
This seems to be needed for + compatibility with windows + + caller should free using data_blob_free() +*/ +DATA_BLOB sess_encrypt_string(const char *str, const uint8 session_key[16]) +{ + DATA_BLOB ret, src; + int slen = strlen(str); + int dlen = (slen+7) & ~7; + + src = data_blob(NULL, 8+dlen); + if (!src.data) { + return data_blob(NULL, 0); + } + + ret = data_blob(NULL, 8+dlen); + if (!ret.data) { + data_blob_free(&src); + return data_blob(NULL, 0); + } + + SIVAL(src.data, 0, slen); + SIVAL(src.data, 4, 1); + memset(src.data+8, 0, dlen); + memcpy(src.data+8, str, slen); + + sess_crypt_blob(&ret, &src, session_key, True); + + data_blob_free(&src); + + return ret; +} + +/* + a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention + + caller should free the returned string +*/ +char *sess_decrypt_string(DATA_BLOB *blob, const uint8 session_key[16]) +{ + DATA_BLOB out; + int slen; + char *ret; + + if (blob->length < 8) { + return NULL; + } + + out = data_blob(NULL, blob->length); + if (!out.data) { + return NULL; + } + + sess_crypt_blob(&out, blob, session_key, False); + + slen = IVAL(out.data, 0); + if (slen > blob->length - 8) { + DEBUG(0,("Invalid crypt length %d\n", slen)); + return NULL; + } + + if (IVAL(out.data, 4) != 1) { + DEBUG(0,("Unexpected revision number %d in session crypted string\n", + IVAL(out.data, 4))); + return NULL; + } + + ret = strndup(out.data+8, slen); + + data_blob_free(&out); + + return ret; +} -- cgit From 59c8f48f0dfc0e4d42623fe1595cd9773ac5d15f Mon Sep 17 00:00:00 2001 
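Review bot: sess_decrypt_string() returns NULL from the "Invalid crypt length" and "Unexpected revision number" branches without releasing `out`, which by then holds the decrypted header and payload. Add `data_blob_free(&out);` before each of those two `return NULL;` statements, so a malformed or wrongly keyed blob does not leave decrypted bytes allocated. The comment above sess_crypt_blob() should also say that the size of `out` is not verified: `memcpy(&out->data[i], bout, MIN(8, in->length-i))` is bounded only by `in->length`, so the "same size as the in blob" rule is the caller's responsibility.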
From: Andrew Bartlett Date: Sun, 9 May 2004 13:07:23 +0000 Subject: r611: Fix breakage from my last commit: Now that all session keys are DATA_BLOBs, fix the callers. This assumes some things about the behaviour of certain crypto algorithms, without the ability to test it on session keys != 16 bytes in length. We will just need to retest when we get the KRB5 support in (DES keys are 8 bytes). Andrew Bartlett (This used to be commit e4355a7ec1eba92bdecef8cc478272897276dbae) --- source4/libcli/auth/session.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 946b0fe62f..77eb1a6527 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -29,7 +29,7 @@ before calling, the out blob must be initialised to be the same size as the in blob */ -void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const uint8 session_key[16], +void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, BOOL forward) { int i, k; @@ -42,10 +42,10 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const uint8 session_ke memset(bin, 0, 8); memcpy(bin, &in->data[i], MIN(8, in->length-i)); - if (k + 7 > 16) { - k = (16 - k); + if (k + 7 > session_key->length) { + k = (session_key->length - k); } - memcpy(key, &session_key[k], 7); + memcpy(key, &session_key->data[k], 7); smbhash(bout, bin, key, forward?1:0); @@ -62,7 +62,7 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const uint8 session_ke caller should free using data_blob_free() */ -DATA_BLOB sess_encrypt_string(const char *str, const uint8 session_key[16]) +DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key) { DATA_BLOB ret, src; int slen = strlen(str); 
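Review bot: In the `@@ -42,10 +42,10 @@` hunk the wrap-around test now uses `session_key->length`, but nothing rejects a key shorter than the 7 bytes that `memcpy(key, &session_key->data[k], 7)` always copies. With a length below 7 the first iteration sets `k = session_key->length`, and the copy then reads past the end of the key buffer. The commit message says lengths other than 16 were not tested, so the minimum should be enforced before any data is processed, for example `if (session_key->length < 7) { return NULL; }` at the top of sess_decrypt_string() and the matching `return data_blob(NULL, 0);` in sess_encrypt_string(). sess_crypt_blob() starts and ends outside this hunk, and its comment should state the minimum key length it assumes.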
@@ -96,7 +96,7 @@ DATA_BLOB sess_encrypt_string(const char *str, const uint8 session_key[16]) caller should free the returned string */ -char *sess_decrypt_string(DATA_BLOB *blob, const uint8 session_key[16]) +char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) { DATA_BLOB out; int slen; -- cgit From fcd718c7d8a6850ae8719f23ed044b06b57501cd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 25 May 2004 17:50:17 +0000 Subject: r890: convert samba4 to use [u]int8_t instead of [u]int8 metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f) --- source4/libcli/auth/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 77eb1a6527..1176d7fd0d 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -37,7 +37,7 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi for (i=0,k=0; ilength; i += 8, k += 7) { - uint8 bin[8], bout[8], key[7]; + uint8_t bin[8], bout[8], key[7]; memset(bin, 0, 8); memcpy(bin, &in->data[i], MIN(8, in->length-i)); -- cgit From 8087d844ef59a82617be51f7c887b9bafe362f80 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Thu, 3 Jun 2004 23:15:16 +0000 Subject: r995: - renamed many of our crypto routines to use the industry standard names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee) --- source4/libcli/auth/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 1176d7fd0d..598f2d4f28 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -47,7 +47,7 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi } memcpy(key, &session_key->data[k], 7); - smbhash(bout, bin, key, forward?1:0); + des_crypt56(bout, bin, key, forward?1:0); memcpy(&out->data[i], bout, MIN(8, in->length-i)); } -- cgit From 91e94014beb145541c051b4df28dde7ad0899da5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 17 Nov 2004 12:27:16 +0000 Subject: r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSA secrets interface correctly. (New interface added). Andrew Bartlett (This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf) --- source4/libcli/auth/session.c | 77 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) (limited to 'source4/libcli/auth/session.c') 
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 598f2d4f28..fdb6462b00 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c 
@@ -131,3 +131,80 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) return ret; } + +/* + a convenient wrapper around sess_crypt_blob() for DATA_BLOBs, using the LSA convention + + note that we round the length to a multiple of 8. This seems to be needed for + compatibility with windows + + caller should free using data_blob_free() +*/ +DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key) +{ + DATA_BLOB ret, src; + int dlen = (blob_in->length+7) & ~7; + + src = data_blob_talloc(mem_ctx, NULL, 8+dlen); + if (!src.data) { + return data_blob(NULL, 0); + } + + ret = data_blob(NULL, 8+dlen); + if (!ret.data) { + data_blob_free(&src); + return data_blob(NULL, 0); + } + + SIVAL(src.data, 0, blob_in->length); + SIVAL(src.data, 4, 1); + memset(src.data+8, 0, dlen); + memcpy(src.data+8, blob_in->data, blob_in->length); + + sess_crypt_blob(&ret, &src, session_key, True); + + data_blob_free(&src); + + return ret; +} + +/* + a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention + + caller should free the returned string +*/ +DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key) +{ + DATA_BLOB out; + int slen; + DATA_BLOB ret; + + if (blob->length < 8) { + return data_blob(NULL, 0); + } + + out = data_blob_talloc(mem_ctx, NULL, blob->length); + if (!out.data) { + return data_blob(NULL, 0); + } + + sess_crypt_blob(&out, blob, session_key, False); + + slen = IVAL(out.data, 0); + if (slen > blob->length - 8) { + DEBUG(0,("Invalid crypt length %d\n", slen)); + return data_blob(NULL, 0); + } + + if (IVAL(out.data, 4) != 1) { + DEBUG(0,("Unexpected revision number %d in session crypted string\n", + IVAL(out.data, 4))); + return data_blob(NULL, 0); + } + + ret = data_blob_talloc(mem_ctx, out.data+8, slen); + + data_blob_free(&out); + + return ret; +} -- cgit From 089f3843c5eadc792f9f8399bf3df45601621b2c Mon Sep 17 00:00:00 2001 
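Review bot: sess_encrypt_blob() allocates `src` with `data_blob_talloc(mem_ctx, ...)` but `ret` with `data_blob(NULL, 8+dlen)`, so the returned ciphertext is not owned by the `mem_ctx` the caller passed in and is not released with it. Allocate both on the same context, `ret = data_blob_talloc(mem_ctx, NULL, 8+dlen);`, or state in the comment that the result must be freed separately. The comment above sess_decrypt_blob() was copied from the string variant ("for strings", "caller should free the returned string") and should instead describe the blob return value and its `mem_ctx` ownership. The two error returns that follow the decrypt in sess_decrypt_blob() also skip `data_blob_free(&out)`.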
From: Stefan Metzmacher Date: Thu, 25 Nov 2004 19:21:55 +0000 Subject: r3967: fix compiler warnings metze (This used to be commit 3f2c3ce2f0d11ea9f3c058690e0bb14d590c714c) --- source4/libcli/auth/session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index fdb6462b00..91eee9ce81 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -124,8 +124,8 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) IVAL(out.data, 4))); return NULL; } - - ret = strndup(out.data+8, slen); + + ret = strndup((const char *)(out.data+8), slen); data_blob_free(&out); -- cgit From a249198d539685be5cb97e179e85ae00dbba8c83 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 11 Jan 2005 14:04:58 +0000 Subject: r4682: A LDB-based secrets implementation in Samba4. This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51) --- source4/libcli/auth/session.c | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 91eee9ce81..9b4132a490 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c 
@@ -113,18 +113,18 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) sess_crypt_blob(&out, blob, session_key, False); - slen = IVAL(out.data, 0); - if (slen > blob->length - 8) { - DEBUG(0,("Invalid crypt length %d\n", slen)); - return NULL; - } - if (IVAL(out.data, 4) != 1) { DEBUG(0,("Unexpected revision number %d in session crypted string\n", IVAL(out.data, 4))); return NULL; } + slen = IVAL(out.data, 0); + if (slen > blob->length - 8) { + DEBUG(0,("Invalid crypt length %d\n", slen)); + return NULL; + } + ret = strndup((const char *)(out.data+8), slen); data_blob_free(&out); 
@@ -169,42 +169,43 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_ } /* - a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention - - caller should free the returned string + Decrypt a DATA_BLOB using the LSA convention */ -DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key) +NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key, + DATA_BLOB *ret) { DATA_BLOB out; int slen; - DATA_BLOB ret; if (blob->length < 8) { - return data_blob(NULL, 0); + return NT_STATUS_INVALID_PARAMETER; } out = data_blob_talloc(mem_ctx, NULL, blob->length); if (!out.data) { - return data_blob(NULL, 0); + return NT_STATUS_NO_MEMORY; } sess_crypt_blob(&out, blob, session_key, False); + if (IVAL(out.data, 4) != 1) { + DEBUG(0,("Unexpected revision number %d in session crypted string\n", + IVAL(out.data, 4))); + return NT_STATUS_UNKNOWN_REVISION; + } + slen = IVAL(out.data, 0); if (slen > blob->length - 8) { DEBUG(0,("Invalid crypt length %d\n", slen)); - return data_blob(NULL, 0); + return NT_STATUS_WRONG_PASSWORD; } - if (IVAL(out.data, 4) != 1) { - DEBUG(0,("Unexpected revision number %d in session crypted string\n", - IVAL(out.data, 4))); - return data_blob(NULL, 0); + *ret = data_blob_talloc(mem_ctx, out.data+8, slen); + if (!ret->data) { + return NT_STATUS_NO_MEMORY; } - - ret = data_blob_talloc(mem_ctx, out.data+8, slen); data_blob_free(&out); - return ret; + return NT_STATUS_OK; } -- cgit From 928af7e6ff8f9051d0e7827ffea2dfa432692d63 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Mar 2005 03:17:30 +0000 Subject: r5877: It is not an error to have a zero-length secret, after decryption. Andrew Bartlett (This used to be commit b484776cc4d48690d45c668f9253015eb0d6207d) --- source4/libcli/auth/session.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4/libcli/auth/session.c') 
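Review bot: Every failure return in the rewritten sess_decrypt_blob() that follows `data_blob_talloc()` (the revision check, the length check and the new `if (!ret->data)` test) leaves `out` allocated on `mem_ctx` with the decrypted header and secret still in it. Call `data_blob_free(&out);` before `return NT_STATUS_UNKNOWN_REVISION;`, before `return NT_STATUS_WRONG_PASSWORD;` and before the second `return NT_STATUS_NO_MEMORY;`. `*ret` is also left untouched on those paths, so either set `*ret = data_blob(NULL, 0);` on entry or document in the header comment that it is valid only when NT_STATUS_OK is returned.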
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 9b4132a490..fda0aab055 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -178,6 +178,8 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT int slen; if (blob->length < 8) { + DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n", + blob->length)); return NT_STATUS_INVALID_PARAMETER; } @@ -189,19 +191,19 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT sess_crypt_blob(&out, blob, session_key, False); if (IVAL(out.data, 4) != 1) { - DEBUG(0,("Unexpected revision number %d in session crypted string\n", + DEBUG(0,("Unexpected revision number %d in session crypted secret (BLOB)\n", IVAL(out.data, 4))); return NT_STATUS_UNKNOWN_REVISION; } slen = IVAL(out.data, 0); if (slen > blob->length - 8) { - DEBUG(0,("Invalid crypt length %d\n", slen)); + DEBUG(0,("Invalid crypt length %d in session crypted secret (BLOB)\n", slen)); return NT_STATUS_WRONG_PASSWORD; } *ret = data_blob_talloc(mem_ctx, out.data+8, slen); - if (!ret->data) { + if (slen && !ret->data) { return NT_STATUS_NO_MEMORY; } -- cgit From d52ce8ff0c0546b681f3787728f739c1bb6a71e2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 18 Jun 2005 20:32:21 +0000 Subject: r7731: change debug level to not spam the build-farm smbd log metze (This used to be commit 3a1ed83fd0714fa46055c8fe5b039986909f9a45) --- source4/libcli/auth/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index fda0aab055..b32e1d724d 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c 
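Review bot: The added `DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n", blob->length));` passes `blob->length` to a `%d` conversion. If the DATA_BLOB length field is a `size_t` (its declaration is not visible here), the argument should be cast, `(int)blob->length`, or printed with a matching conversion. The three messages in sess_decrypt_blob() are all logged at level 0 although they are reached by malformed or wrongly keyed input, so a less prominent level may be more appropriate for them. The error returns touched by the second hunk still do not free `out`.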
@@ -191,7 +191,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT sess_crypt_blob(&out, blob, session_key, False); if (IVAL(out.data, 4) != 1) { - DEBUG(0,("Unexpected revision number %d in session crypted secret (BLOB)\n", + DEBUG(2,("Unexpected revision number %d in session crypted secret (BLOB)\n", IVAL(out.data, 4))); return NT_STATUS_UNKNOWN_REVISION; } -- cgit From e835621799647ee70630b389fb53d15b15d68355 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 17 Jul 2005 09:20:52 +0000 Subject: r8520: fixed a pile of warnings from the build farm gcc -Wall output on S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f) --- source4/libcli/auth/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index b32e1d724d..22146cbfb3 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -179,7 +179,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT if (blob->length < 8) { DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n", - blob->length)); + (int)blob->length)); return NT_STATUS_INVALID_PARAMETER; } -- cgit From 935af3eb1963761b4c8fd9e0e9902ad592f948bf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 25 Mar 2006 18:47:47 +0000 Subject: r14724: Rearrange some source files, install more headers. (This used to be commit 7146c1600f29c349e5bb78f810e7e170b535dd37) --- source4/libcli/auth/session.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/auth/session.c') 
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 22146cbfb3..afa7afbd0f 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "libcli/auth/libcli_auth.h" /* encrypt or decrypt a blob of data using the user session key -- cgit From e5e9bcd39842e3b24460d9dcbfea079ed8d3c804 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 23 May 2006 06:52:22 +0000 Subject: r15834: fixed a memory leak in the session code (This used to be commit 8a7047c102cdbcf746dcdf8a52554816b7770026) --- source4/libcli/auth/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index afa7afbd0f..280a0d282c 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -151,7 +151,7 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_ return data_blob(NULL, 0); } - ret = data_blob(NULL, 8+dlen); + ret = data_blob_talloc(mem_ctx, NULL, 8+dlen); if (!ret.data) { data_blob_free(&src); return data_blob(NULL, 0); -- cgit From 318682b00377605a26d0b7fd4b59713c6c429b81 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 28 Sep 2006 06:44:47 +0000 Subject: r18971: avoid strndup is a few places. Fixes a minor memory leak, and should fix RPC-LSA on AIX. (This used to be commit 6cce709d08579f4e00b44b692332a557b0ea3b86) --- source4/libcli/auth/session.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 280a0d282c..430eecd78f 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c 
@@ -97,7 +97,8 @@ DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key) caller should free the returned string */ -char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) +char *sess_decrypt_string(TALLOC_CTX *mem_ctx, + DATA_BLOB *blob, const DATA_BLOB *session_key) { DATA_BLOB out; int slen; @@ -107,7 +108,7 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) return NULL; } - out = data_blob(NULL, blob->length); + out = data_blob_talloc(mem_ctx, NULL, blob->length); if (!out.data) { return NULL; } @@ -117,19 +118,23 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) if (IVAL(out.data, 4) != 1) { DEBUG(0,("Unexpected revision number %d in session crypted string\n", IVAL(out.data, 4))); + data_blob_free(&out); return NULL; } slen = IVAL(out.data, 0); if (slen > blob->length - 8) { DEBUG(0,("Invalid crypt length %d\n", slen)); + data_blob_free(&out); return NULL; } - ret = strndup((const char *)(out.data+8), slen); + ret = talloc_strndup(mem_ctx, (const char *)(out.data+8), slen); data_blob_free(&out); + DEBUG(0,("decrypted string '%s' of length %d\n", ret, slen)); + return ret; } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/libcli/auth/session.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 430eecd78f..4a9d79c425 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c 
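Review bot: The added `DEBUG(0,("decrypted string '%s' of length %d\n", ret, slen));` writes the decrypted secret string to the log at level 0 on every successful call. It reads like leftover debugging output and should be removed, or reduced to the length only at a high debug level, e.g. `DEBUG(10,("decrypted string of length %d\n", slen));`. `ret` is also handed to `%s` without checking whether `talloc_strndup()` returned NULL. The comment above sess_decrypt_string() still says "caller should free the returned string" and should now say that the result is allocated on `mem_ctx`.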
@@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From a0fa5051bdb30d2d5e6d106f7c67c00211c93341 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jul 2007 13:41:00 +0000 Subject: r23816: A little more static, but leave the dead code testjoin.c as documentation. Andrew Bartlett (This used to be commit 6679003c0553804333f0090a91e1fe53837ceb47) --- source4/libcli/auth/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 4a9d79c425..7f44b6b5a9 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -29,7 +29,7 @@ before calling, the out blob must be initialised to be the same size as the in blob */ -void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, +static void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, BOOL forward) { int i, k; -- cgit From 2151cde58014ea2e822c13d2f8a369b45dc19ca8 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:28:14 +0000 Subject: r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9) --- source4/libcli/auth/session.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/libcli/auth/session.c') diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 7f44b6b5a9..29af7fafe8 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -30,7 +30,7 @@ as the in blob */ static void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, - BOOL forward) + bool forward) { int i, k; @@ -84,7 +84,7 @@ DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key) memset(src.data+8, 0, dlen); memcpy(src.data+8, str, slen); - sess_crypt_blob(&ret, &src, session_key, True); + sess_crypt_blob(&ret, &src, session_key, true); data_blob_free(&src); @@ -112,7 +112,7 @@ char *sess_decrypt_string(TALLOC_CTX *mem_ctx, return NULL; } - sess_crypt_blob(&out, blob, session_key, False); + sess_crypt_blob(&out, blob, session_key, false); if (IVAL(out.data, 4) != 1) { DEBUG(0,("Unexpected revision number %d in session crypted string\n", @@ -166,7 +166,7 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_ memset(src.data+8, 0, dlen); memcpy(src.data+8, blob_in->data, blob_in->length); - sess_crypt_blob(&ret, &src, session_key, True); + sess_crypt_blob(&ret, &src, session_key, true); data_blob_free(&src); @@ -193,7 +193,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT return NT_STATUS_NO_MEMORY; } - sess_crypt_blob(&out, blob, session_key, False); + sess_crypt_blob(&out, blob, session_key, false); if (IVAL(out.data, 4) != 1) { DEBUG(2,("Unexpected revision number %d in session crypted secret (BLOB)\n", -- cgit